
Oracle WebLogic Remote Execution Vulnerability (CVE-2019-2729)

Recently, Oracle disclosed a WebLogic remote execution vulnerability (CVE-2019-2729) that is rated as high. The vulnerability lies in how the wls9_async component handles input during deserialization, enabling an attacker to gain server privileges for remote code execution by sending a carefully crafted malicious HTTP request.

Date Published: 2019-06-25

Recent Security Event


[Alert] New Remote Code Execution Vulnerability in All ECShop Products

Recently, ringk3y’s blog exposed a remote code execution vulnerability in all ECShop products. The vulnerability is caused by a variable in the display function of the user.php file in the ECShop system. The variable can be remotely controlled and thus becomes an injection vulnerability, which attackers can exploit to execute remote code on servers. It is very dangerous. The vulnerability allows attackers to use getshell to gain the highest privileges on servers. All versions of ECShop are affected by this vulnerability. Currently, the number of attacks exploiting the vulnerability is on the rise.

  • Source: SANGFOR Security Center
  • Date Published: 2018-09-19

Struts2 Remote Code Execution Vulnerability (S2-057)

Apache Wiki exposed a new and high-risk remote code execution vulnerability in Struts 2, CVE-2018-11776.

  • Source: SANGFOR Security Center
  • Date Published: 2018-08-24

[Alert] WebLogic Deserialization Vulnerability CVE-2018-2893

On March 28, 2018, a highly critical remote code execution vulnerability (CVE-2018-2893) in the popular open-source Drupal CMS was exposed.

  • Source: SANGFOR Security Center
  • Date Published: 2018-07-25

[Security Alert] Local File Inclusion Vulnerability in phpMyAdmin

On June 21, 2018, a security research institution published an article stating that a local file inclusion vulnerability can allow a webshell to be written to the database, resulting in getshell. The article also describes how attackers can store a webshell as a field value in a data table and write it to the database file, then trigger the local file inclusion vulnerability to achieve getshell.

  • Source: SANGFOR Security Center
  • Date Published: 2018-06-26

Drupal Remote Code Execution Vulnerability (CVE-2018-7600)

On March 28, 2018, a highly critical remote code execution vulnerability (CVE-2018-7600) in the popular open-source Drupal CMS was exposed.

  • Source: SANGFOR Security Center
  • Date Published: 2018-05-04